Safety Features

openapi-mcp includes several safety features to protect against unintended API changes. These features are especially important when using openapi-mcp with AI agents, which might otherwise make potentially destructive API calls without explicit user confirmation.

Confirmation for Dangerous Operations

By default, openapi-mcp requires confirmation for any operations that use HTTP methods that can modify resources:

PUT - Updates resources
POST - Creates resources
DELETE - Removes resources

Confirmation Workflow

When a client attempts to call a tool that uses one of these methods, openapi-mcp returns a confirmation request instead of immediately executing the operation:

// Request
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "deleteService",
    "arguments": {
      "service_id": "SU1Z0isxPaozGVKXdv0eY"
    }
  }
}

// Response
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "OutputFormat": "structured",
    "OutputType": "json",
    "type": "confirmation_request",
    "confirmation_required": true,
    "message": "This action is irreversible. Proceed?",
    "action": "delete_resource"
  }
}

To proceed with the operation, the client must retry the call with the __confirmed parameter set to true:

// Request with confirmation
{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tools/call",
  "params": {
    "name": "deleteService",
    "arguments": {
      "service_id": "SU1Z0isxPaozGVKXdv0eY",
      "__confirmed": true
    }
  }
}

// Success response
{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "OutputFormat": "structured",
    "OutputType": "json",
    "type": "api_response",
    "data": {
      "status": "ok"
    },
    "metadata": {
      "status_code": 200
    }
  }
}

Interactive Client Confirmation

When using the interactive client (mcp-client), you'll see the confirmation request and be prompted to retry with confirmation:

mcp> call deleteService {"service_id": "SU1Z0isxPaozGVKXdv0eY"}

Confirmation required: This action is irreversible. Proceed?
To confirm, retry with: call deleteService {"service_id": "SU1Z0isxPaozGVKXdv0eY", "__confirmed": true}

mcp> call deleteService {"service_id": "SU1Z0isxPaozGVKXdv0eY", "__confirmed": true}

HTTP DELETE /service/SU1Z0isxPaozGVKXdv0eY
Status: 200
Response:
{
  "status": "ok"
}

AI Agent Confirmation Handling

When integrating with AI agents, it's important to implement proper confirmation handling. Agents should:

Detect the confirmation_request response type
Present the confirmation message to the user
Only retry with __confirmed: true if the user explicitly approves

Example Agent Confirmation Code

async function callTool(name, args) {
  const response = await sendMcpRequest({
    jsonrpc: '2.0',
    id: 1,
    method: 'tools/call',
    params: { name, arguments: args }
  });
  
  // Check for confirmation request
  if (response.result && response.result.type === 'confirmation_request') {
    // Present confirmation to user
    const userConfirmed = await askUserForConfirmation(response.result.message);
    
    if (userConfirmed) {
      // Retry with confirmation
      return callTool(name, { ...args, __confirmed: true });
    } else {
      throw new Error('Operation cancelled by user');
    }
  }
  
  return response.result;
}

Disabling Confirmation

While not recommended for most use cases, you can disable the confirmation requirement using the --no-confirm-dangerous flag:

bin/openapi-mcp --no-confirm-dangerous examples/fastly-openapi-mcp.yaml

Warning

Disabling confirmation can lead to unintended modifications. Use with caution, especially in production environments or when used with AI agents. This should only be used in controlled automation scenarios where the risk is well understood.

Schema Validation

In addition to the confirmation workflow, openapi-mcp includes comprehensive schema validation to prevent malformed requests:

All tool call arguments are validated against the OpenAPI schema
Required parameters are enforced
Type checking ensures values match expected types
Enum validation ensures values are within allowed options

When validation fails, a structured error response is returned with details about what went wrong:

{
  "OutputFormat": "structured",
  "OutputType": "json",
  "type": "error",
  "error": {
    "code": "validation_error",
    "message": "Invalid parameter",
    "details": {
      "field": "name",
      "reason": "required field missing"
    },
    "suggestions": [
      "Provide a name parameter"
    ]
  }
}

Next Steps

Now that you understand the safety features, you can:

Learn about library usage for embedding in your own projects
Explore command-line options for more configuration possibilities
Check out advanced usage patterns